Flashcards in Chapter 2 Monitoring and Diagnosing Networks Deck (31)
Network Monitors (sniffers)
A machine that watches network traffic and collects data. Today any computer with a NIC in promiscuous mode (accepting every frame that reaches it, not only frames addressed to its own MAC) can act as one. On a switched network the switch only forwards unicast frames to the port they are destined for, so a sniffer on an ordinary port sees broadcast and flooded traffic only; to capture everything you need a mirror (SPAN) port or a network tap.
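What a sniffer does once it has a frame is decode the headers and pull out whatever the protocol left in cleartext. The following is an added example (not part of the deck) that parses an Ethernet II / IPv4 / TCP frame, verifies the IPv4 header checksum, and extracts a username from an FTP `USER` command; the frame itself is constructed in the block so it runs offline, and the MAC and IP addresses are made up for the example.

```python
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class TcpSummary:
    """What a sniffer extracts from one captured TCP/IPv4 frame."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int
    payload: bytes


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum. Returns 0 when run over a header
    whose checksum field is already filled in correctly."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes) -> TcpSummary:
    """Decode Ethernet II -> IPv4 -> TCP. Raises ValueError on anything else."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        raise ValueError("IP version is not 4")
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes, options included
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != 6:
        raise ValueError(f"not TCP: protocol {ip[9]}")
    tcp = ip[ihl:total_len]
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4  # TCP header length in bytes
    return TcpSummary(
        src_mac=_mac(src_mac), dst_mac=_mac(dst_mac),
        src_ip=_ip(ip[12:16]), dst_ip=_ip(ip[16:20]),
        src_port=src_port, dst_port=dst_port,
        flags=off_flags & 0x1FF, payload=tcp[data_off:],
    )


def cleartext_username(summary: TcpSummary) -> Optional[str]:
    """FTP sends 'USER <name>' unencrypted to port 21; a sniffer on the path
    reads it straight out of the payload."""
    if summary.dst_port == 21 and summary.payload.startswith(b"USER "):
        return summary.payload[5:].strip().decode("ascii", "replace")
    return None


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble a constructed test frame (PSH|ACK) with a valid IPv4 checksum."""
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1,
                      (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                               0x4000, 64, 6, 0,
                               bytes(int(o) for o in src_ip.split(".")),
                               bytes(int(o) for o in dst_ip.split("."))))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), 0x0800)
    return eth + bytes(ip) + tcp


# Constructed sample capture (addresses are made up): an FTP login from
# 10.0.0.5 to 10.0.0.9.
SAMPLE_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                           "10.0.0.5", "10.0.0.9", 51234, 21, b"USER alice\r\n")

if __name__ == "__main__":
    s = parse_frame(SAMPLE_FRAME)
    print(f"{s.src_ip}:{s.src_port} -> {s.dst_ip}:{s.dst_port} flags=0x{s.flags:03x}")
    print("captured FTP username:", cleartext_username(s))
```

On a live host the same `parse_frame` would be fed from a raw socket or a capture library with the interface in promiscuous mode, which needs administrative privileges; the parsing and the lesson (anything sent in cleartext is readable by whoever is on the path) are the same.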
Application Log (event viewer)
-Events logged by applications or programs
Security Logs (event viewer)
-Successful and unsuccessful login attempts
-Events related to creating, opening, and deleting files
-Auditing of successes and failures is not necessarily enabled by default; make sure both are logged, because failed attempts are where a guessing attack shows up first.
Hardening
Locking down the operating system, and the software that runs on it, as much as you practically can
Services
Programs that start with the system and usually run in the background. Each one is attack surface; carefully disable any you don't need.
File and Print Server Security Risks
-Vulnerable to DoS and unauthorized-access attacks, because they must accept connections from many clients
-Disable every port and protocol the server does not need
Should be limited to what's essential to performing system functions
-Hide root directories from browsing
Service Packs
Cumulative bundles of patches that address issues in the operating system that needed major reworking
General fixes to program code
Fix specific vulnerabilities found in an operating system. Deploy them within 30 days of release, after testing them on a non-production system first.
User Account Control
-Disable, but don't delete, all unnecessary accounts (a deleted account loses its SID and audit history)
-Pay attention not only to domain accounts but to local accounts as well
-Make sure the passwords on the accounts that remain meet the company's minimum requirements
Principle of Least Privilege
Give employees access to the bare minimum of resources they need to successfully do their jobs
Use MAC filtering and port authentication (for example 802.1X) together. Either one alone is weak (MAC addresses can be spoofed), but combined they are considerably harder to get past.
Remember, every open port you're not using is a security risk
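The "deactivate ports and protocols you don't need" advice on the file and print server card and the reminder above both come down to the same routine check: compare what is actually listening against the ports the server's role requires. The following is an added example (not from the deck) that parses output in the shape of Linux `ss -tlnp`, flags listeners outside an assumed baseline, and escalates cleartext services; the sample output, the baseline set and the process names are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of `ss -tlnp` output from a Linux file and
# print server. Not captured from a real host.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       50      0.0.0.0:445         0.0.0.0:*          users:(("smbd",pid=1045,fd=39))
LISTEN  0       50      0.0.0.0:139         0.0.0.0:*          users:(("smbd",pid=1045,fd=40))
LISTEN  0       128     0.0.0.0:631         0.0.0.0:*          users:(("cupsd",pid=901,fd=7))
LISTEN  0       5       0.0.0.0:21          0.0.0.0:*          users:(("vsftpd",pid=1203,fd=3))
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*          users:(("telnetd",pid=1310,fd=4))
LISTEN  0       128     0.0.0.0:111         0.0.0.0:*          users:(("rpcbind",pid=640,fd=4))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Ports this server's role requires: an assumed baseline for the example
# (SSH for administration, SMB for file sharing, IPP for printing).
BASELINE = {22, 139, 445, 631}

# Cleartext protocols that should be replaced, not merely reviewed.
CLEARTEXT = {
    21: "FTP sends credentials in the clear; use SFTP/SCP over SSH",
    23: "Telnet sends everything in the clear; use SSH",
}

# State, Recv-Q, Send-Q, local addr:port, peer addr:port, then the process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

Listener = Tuple[str, int, str]  # (bind address, port, process name)


def parse_listeners(text: str) -> List[Listener]:
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3)))
    return listeners


def audit_ports(text: str, baseline=BASELINE) -> List[Tuple[str, int, str, str]]:
    """Return (severity, port, process, detail) for every listener the
    baseline does not account for, using the deck's minor/serious/critical scale."""
    findings = []
    seen = set()
    for addr, port, proc in parse_listeners(text):
        if port in seen:          # same service on IPv4 and IPv6: report once
            continue
        seen.add(port)
        if port in CLEARTEXT:
            findings.append(("critical", port, proc, CLEARTEXT[port]))
        elif port not in baseline:
            findings.append(("serious", port, proc,
                             "not in baseline: disable the service or justify and add it"))
    return findings


if __name__ == "__main__":
    for severity, port, proc, detail in audit_ports(SS_OUTPUT):
        print(f"[{severity}] {port}/tcp {proc}: {detail}")
```

Run against a real host, the text would come from `ss -tlnp` (or `netstat -ano` on Windows, with a different regex); the baseline should be kept in version control so that every port on it has a documented reason to exist.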
Make sure your security posture baselines are in compliance with HIPAA, PCI DSS, or whichever body sets your standards.
Security Audits
Scheduled, in-depth checks of security
-Review security logs and compliance
-Check security device configuration
When a security gap is found, take note of it and develop a remediation plan.
-Sample threat classification:
-Minor: not an immediate threat
-Serious: Could be exploited, but doing so is unlikely or difficult
-Critical: It needs to be taken care of ASAP
Alarm
An indication of an ongoing, current problem
-Used for an issue that should be looked at right away
Alert
You should pay attention to an alert, but it isn't an indication of impending doom.
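The security log card (log both successes and failures), the threat classification and the alarm/alert distinction come together when you actually review logon events. The following is an added example, not from the deck, that runs over constructed records in the shape of Windows Security log logon events (4624 success, 4625 failure): it checks that both event types are present at all, reports a burst of failures from one source as "serious" (worth an alert), and a success arriving on the heels of that burst as "critical" (an alarm, the problem is ongoing). The timestamps, user names and addresses are made up; the threshold and window are assumptions to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed records in the shape of Windows Security log logon events
# (4624 = successful logon, 4625 = failed logon). Not taken from a real system.
EVENTS = [
    {"time": "2024-03-01T09:00:01", "id": 4625, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:00:20", "id": 4625, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:00:45", "id": 4625, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:01:10", "id": 4625, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:01:40", "id": 4625, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:02:30", "id": 4624, "user": "alice", "src": "10.0.0.7"},
    {"time": "2024-03-01T09:10:00", "id": 4625, "user": "bob", "src": "10.0.0.8"},
    {"time": "2024-03-01T09:11:00", "id": 4624, "user": "bob", "src": "10.0.0.8"},
]

Finding = Tuple[str, str, str, str]  # (severity, source, user, detail)


def audit_coverage(events) -> List[str]:
    """Sanity check on the audit policy: a log with only successes or only
    failures means one side of logon auditing is switched off."""
    ids = {e["id"] for e in events}
    missing = []
    if 4624 not in ids:
        missing.append("no successful logons recorded (audit success off?)")
    if 4625 not in ids:
        missing.append("no failed logons recorded (audit failure off?)")
    return missing


def classify_logons(events, threshold: int = 5,
                    window: timedelta = timedelta(minutes=5)) -> List[Finding]:
    """Walk the events per source address and raise:
    - serious:  `threshold` failures from one source inside `window`
                (an alert: a guessing attempt that has not worked yet)
    - critical: a successful logon from that source while the burst of
                failures is still inside the window (an alarm: act now)
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_src[e["src"]].append(e)

    findings: List[Finding] = []
    for src, evs in by_src.items():
        failures: List[datetime] = []
        for e in evs:
            t = datetime.fromisoformat(e["time"])
            failures = [f for f in failures if t - f <= window]  # drop stale ones
            if e["id"] == 4625:
                failures.append(t)
                if len(failures) == threshold:
                    findings.append(("serious", src, e["user"],
                                     f"{threshold} failed logons within {window}"))
            elif e["id"] == 4624:
                if len(failures) >= threshold:
                    findings.append(("critical", src, e["user"],
                                     "successful logon right after a burst of failures"))
                failures = []  # a success resets the counter for this source
    return findings


if __name__ == "__main__":
    for problem in audit_coverage(EVENTS):
        print("audit policy:", problem)
    for severity, src, user, detail in classify_logons(EVENTS):
        print(f"[{severity}] {src} user={user}: {detail}")
```

Bob's single failed attempt followed by a success is the normal mistyped-password case and produces nothing; the same logic would be fed from the exported Security log (or from a SIEM) rather than an in-memory list.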
Trends in the threats you observe, either against your company or across the networking world at large. Use them to be proactive in your security planning rather than purely reactive.
Enticement vs. Entrapment
Enticement: You lure someone into a trap you set up, such as a honeypot, which they choose to enter on their own. This is legal.
Entrapment: Encouraging someone to break a law they would not otherwise have broken, then reporting them for it. This is not legal.
File Transfer Protocol (FTP)
TCP ports 20 (data) and 21 (control). Credentials and data travel in cleartext.
SSH, SCP and SFTP
TCP port 22. Encrypted replacements for Telnet, RCP and FTP respectively.
Domain Name Services (DNS)
Port 53: UDP for ordinary queries, TCP for zone transfers and large responses.
Hypertext Transfer Protocol (HTTP)
TCP port 80. Cleartext.
Hypertext Transfer Protocol Secure (HTTPS)
TCP port 443. HTTP over TLS.
Simple Network Management Protocol (SNMP)
UDP port 161 (agent queries) and 162 (traps). Versions 1 and 2c authenticate with a cleartext community string; use SNMPv3.
Internet Printing Protocol (IPP)
TCP port 631.
Network Basic Input/output System (NetBIOS)
UDP port 137 (name service), UDP port 138 (datagram service), TCP port 139 (session service).